The Federal Trade Commission (FTC) has announced enforcement action against General Motors (GM) and its subsidiary, OnStar, for allegedly collecting and selling drivers' precise geolocation and driving behavior data without proper consent. Under a proposed settlement, GM and OnStar will be barred from sharing such data with consumer reporting agencies for five years and must implement new consumer privacy protections.
GM is one of the world's largest automakers, with operations in over 100 countries and millions of vehicles on the road. Headquartered in Detroit, Michigan, GM sells vehicles under several major brands, including Chevrolet, GMC, Cadillac, and Buick. The company produces more than six million vehicles annually and serves tens of millions of customers worldwide. Through its OnStar division, GM has expanded into connected vehicle services, offering emergency response, navigation, and remote diagnostics to millions of subscribers.
GM's data collection practices
The FTC's investigation found that GM used misleading enrollment processes to sign consumers up for OnStar and the OnStar Smart Driver feature, which tracks vehicle location, speed, braking, and other driving behaviors. Although the feature was marketed as a tool to help users assess their driving habits, GM reportedly sold this data to third parties, including consumer reporting agencies such as LexisNexis and Verisk Analytics, which used it to generate consumer reports affecting auto insurance rates.
The complaint highlights that GM collected precise geolocation data from millions of vehicles every three seconds, transmitting it to third parties like Wejo Ltd. and, later, Jacobs Engineering Group. This data could be used to track individuals' daily movements, revealing visits to sensitive locations such as hospitals or places of worship.
Many consumers were unaware they had been enrolled in OnStar Smart Driver and only learned of the data sharing when their insurance premiums unexpectedly increased or coverage was denied. One customer, after discovering their data had been sold, complained: “When I signed up for this, it was so OnStar could track me. They said nothing about reporting it to a third party. Now you're making me pay more to my insurance company.”
The FTC also criticized GM's privacy policy, which failed to explicitly state that collected data would be shared with insurers and other third parties. Additionally, the commission found that GM used an opt-in process that coupled Smart Driver enrollment with unrelated vehicle maintenance notifications, further misleading consumers.
FTC's proposed settlement
The proposed FTC order imposes several restrictions and requirements on GM and OnStar:
- GM and OnStar must not sell or disclose drivers' geolocation and driving behavior data to consumer reporting agencies for five years.
- Before collecting any connected vehicle data, GM must obtain explicit, informed consent from consumers.
- Consumers must be provided a simple mechanism to request a copy of their collected data and delete it from GM's records.
- GM must allow consumers to turn off geolocation tracking if their vehicle supports it.
The consent agreement will be open for public comment for 30 days before a final decision is made. Violations of the order could result in fines of up to $51,744 per infraction.
The privacy nightmare of modern cars
This action comes just days after Texas Attorney General Ken Paxton filed a lawsuit against Allstate for allegedly harvesting and selling driving data from millions of users without consent. Allstate's data subsidiary, Arity, reportedly embedded tracking software in third-party mobile apps, such as Life360, to amass a massive driving behavior database. The Texas lawsuit, the first under the Texas Data Privacy and Security Act, seeks civil penalties and an injunction to stop unlawful data collection.
The FTC's move against GM signals a growing crackdown on automakers and insurers using hidden data collection practices. As vehicle connectivity expands, regulatory agencies are expected to impose stricter rules to protect consumer privacy and limit unauthorized data monetization.
Racecar Driver
You should not expect anything less if you are allowing something to track your driving habits. I do not understand the sense of betrayal here. I'm interested in the data being collected WITHOUT having any of these crap services in your car. I assume ANY service I subscribe to tracks me.